DETAILED ACTION

1. This office action is in response to the amendment filed on November 02, 2006.
No claims have been amended. Claims 1-2 and 23 have been canceled. Therefore, 
claims 13-22 and 24-38 are presented for further examination. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 13-16, 18-22 and 25-30 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Vairavan, U.S. Patent Application Publication No. 2002/0083344 
(hereinafter Vairavan), in view of Wang et al., U.S. Patent No. 6,538,997 (hereinafter
Wang). 

4. With respect to claims 22 and 13, Vairavan teaches a method of managing a
network [see abstract and fig. 1], said method comprising: 

■ accessing a database of a stored physical topology of said network to obtain 
authorized address at host ports of switches [paragraphs 0074-0084 i.e. a 
security policy database]; 

■ configuring a switch in said network to forward a packet received at a first port
[120, 125 and 130] if an address associated with said packet is authorized for 
said first port [paragraphs 0054-0060]; 

■ comparing a set of learned addresses against set of expected addresses, 
said learned addresses comprising addresses associated with packets 
processed at a second port [115a-g], said expected addresses derived from
an expected configuration of said network [paragraphs 0059-0060 and 0086-0101].

However, Vairavan does not explicitly show tracing a topology of said network to 
find a third port where an unexpected address entered said network, said third port 
coupled to a device having a media access control (MAC address) that is said 
unexpected address. 

In a method of managing a network, Wang suggests or discloses tracing a 
topology of said network [i.e. tracing of the computer network, col.1, lns.11-32 and col. 5, 
ln.9 - col.6, ln.65] to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) [i.e. the determination of which port a particular MAC address is reachable.
For example, Wang suggests if ports are not reachable, the frame is flooded over all
outgoing non-blocked ports, col.6, lns.50-65].

Therefore, it would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify Vairavan in view of Wang by tracing a
topology of said network to find a third port where an unexpected address entered said
network, said third port coupled to a device having a media access control (MAC
address) that is said unexpected address because this feature is a consequence of the 
topologies being aligned [Wang, col.6, lns.63-65]. It is for this reason that one of 
ordinary skill in the art at the time of the invention would have been motivated in order to 
gather specific diagnostic information relating to a particular path through the switched 
network [Wang, col.6, lns.20-21]. 

5. With respect to claim 25, Vairavan further teaches said configuring the switch 
further comprises configuring the switch to drop said packet if said address is not 
authorized [paragraph 0132]. 

6. With respect to claims 18 and 26, Vairavan further teaches said configuring the
switch comprises programming the switch in said network to recognize authorized 
address for said first port [paragraphs 0054-0060]. 

7. With respect to claim 27, Vairavan further teaches said configuring the switch 
further comprises configuring the switch to forward said packet to a host device [215 i.e. 
system processor] if said address is authorized for said first port, said first port coupled 
to said host device [paragraphs 0054-0060]. 

8. With respect to claim 28, Vairavan further teaches said method further
comprising: determining changes in physical topology of said network [paragraphs 
0060 and 0086-0088]. 

9. With respect to claim 29, Vairavan further teaches said determining changes in 
physical topology comprises comparing a physical description of said network with said 
stored physical topology of said network [paragraphs 0060 and 0086-0088]. 

10. With respect to claim 30, Vairavan further teaches said address is a media
access control (MAC) address and wherein said network comprises a virtually-wired 
switching fabric [fig. 2]. 

11. With respect to claims 14-15, Vairavan further teaches said network is a
virtually-wired switching network [fig.1] and said first port couples switches in said
network and said second port is coupled to a host device [paragraphs 0046-0054].

12. With respect to claim 16, Vairavan further teaches said method further
comprises: taking corrective action at said second port, wherein said second port is 
coupled to a host device [paragraphs 0069-0071]. 

13. With respect to claim 19, Vairavan further teaches said method is repeated for
each interconnect port in said network, wherein said network comprises a plurality of 
switches [paragraph 0069 and fig.1]. 

14. With respect to claim 20, Vairavan further teaches said method further 
comprises: determining changes in physical topology of said network [paragraphs 
0059-0060 and 0086]. 

15. With respect to claim 21, Vairavan further teaches said method comprises
comparing a physical description of said network with a stored physical description of 
said network [paragraphs 0073-0088]. 

16. Claims 17 and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Vairavan in view of Wang as applied to claims 13 and 22 above, and further in
view of Holloway et al., U.S. Patent No. 5,805,801 (hereinafter Holloway). 

17. With respect to claims 17 and 24, Vairavan further teaches the method further
comprising: said network is a virtually-wired switching fabric [fig.2] and said third port is 
at the edge of said fabric [paragraphs 0068-0070]. 

However, Vairavan does not explicitly show disabling said third port. 
In a method of managing a network, Holloway discloses disabling a port [col. 3, 
lns.3-25]. 

Therefore, it would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify Vairavan in view of Wang, and further in view
of Holloway by disabling the port because this feature not only provides for detection of 
security intrusions, but also provides the proactive actions needed to stop the 
proliferation of security intrusions over the domain [Holloway, col.2, lns.41-45]. It is for 
this reason that one of ordinary skill in the art at the time of the invention would have 
been motivated in order to filter on their respective ports against the intruding 
unauthorized address [Holloway, see abstract]. 

18. Claims 31-38 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Vairavan in view of Wang, and further in view of Holloway. 

19. With respect to claim 31, Vairavan teaches a network comprising:

■ a plurality of switches [paragraphs 0047-0048];

■ said switches interconnected and configured to control communication 
between a plurality of devices coupled to said network [fig.1]; 

■ a database having stored therein a stored physical topology of said network 
and authorized addresses associated with packets processed at ports of said 
switches, wherein said authorized addresses are based on said stored 
physical topology [paragraphs 0074-0084 i.e. a security policy database]; 

However, Vairavan does not explicitly show a configuration agent that is able to 
program said switches based on said authorized address to detect a packet having an 
unauthorized address; and a management agent that is able to: compare addresses
learned by said switches against said authorized addresses to determine an 
unauthorized address. 

In a method of managing a network, Wang suggests or discloses tracing a 
topology of said network [i.e. tracing of the computer network, col.1, lns.11-32 and col.5,
ln.9 - col.6, ln.65] to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) [i.e. the determination of which port a particular MAC address is reachable. 
For example, Wang suggests if ports are not reachable, the frame is flooded over all
outgoing non-blocked ports, col.6, lns.50-65]. 

Therefore, it would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify Vairavan in view of Wang by tracing a
topology of said network to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) that is said unexpected address because this feature is a consequence of the 
topologies being aligned [Wang, col.6, lns.63-65]. It is for this reason that one of 
ordinary skill in the art at the time of the invention would have been motivated in order to 
gather specific diagnostic information relating to a particular path through the switched 
network [Wang, col.6, lns.20-21]. 

Further, Holloway discloses a configuration agent that is able to program said 
switches based on said authorized address to detect a packet having an unauthorized 
address [col.3, lns.30-43 and col.4, ln.46 - col.5, ln.12]; and a management agent that is
able to: compare addresses learned by said switches against said authorized addresses
to determine an unauthorized address [col.7, lns.7-68 and col.3, lns.37-39], in a 
communication system. 

Thus, it would have been obvious to one of ordinary skill in the art at the time
the invention was made to modify Vairavan in view of Wang, and further in view of
Holloway by adding a configuration agent and management agent because this feature
not only provides for detection of security intrusions, but also provides the
proactive actions needed to stop the proliferation of security intrusions over the domain 
[Holloway, col.2, lns.41-45]. It is for this reason that one of ordinary skill in the art at the 
time of the invention would have been motivated in order to send an alert frame to the 
functional address [Holloway, col.8, lns.18-19]. 

20. With respect to claim 32, Vairavan further teaches said switches are further 
configured to forward said packet if said address is authorized [paragraphs 0054-0060]. 

21. With respect to claim 33, Vairavan further teaches said switches are further
configured to drop said packet if said address is not authorized [paragraph 0132]. 

22. With respect to claim 34, Vairavan further teaches there is a one-to-one mapping 
between ports of said switches [paragraphs 0047-0049]. 

23. With respect to claim 35, Vairavan further teaches said addresses are medium
control access (MAC) addresses [fig.2]. 

24. With respect to claim 36, Vairavan further teaches said network comprises a 
virtually-wired switching fabric [fig.2]. 

25. With respect to claim 37, Vairavan further teaches said management agent is 
further able to determine changes in said physical topology of said network and to 
update said stored physical topology and authorized addresses in said database based 
on said changes [0054-0060]. 

26. With respect to claim 38, Vairavan further teaches said configuration agent is 
further able to re-program said switches based on said updates to said authorized 
addresses [paragraphs 0054-0060]. 

Response to Arguments 

27. Applicant's arguments filed November 10, 2006 have been fully considered but 
they are not persuasive because of the following: Vairavan teaches a method of 
managing a network [see abstract and fig.1], said method comprising: accessing a 
database of a stored physical topology of said network to obtain authorized address at 
host ports of switches [paragraphs 0074-0084 i.e. a security policy database]; 
configuring a switch in said network to forward a packet received at a first port [120, 125 
and 130] if an address associated with said packet is authorized for said first port
[paragraphs 0054-0060]; comparing a set of learned addresses against set of expected 
addresses, said learned addresses comprising addresses associated with packets 
processed at a second port [115a-g], said expected addresses derived from an
expected configuration of said network [paragraphs 0059-0060 and 0086-0101]. 
However, Vairavan does not explicitly show tracing a topology of said network to find a 
third port where an unexpected address entered said network, said third port coupled to 
a device having a media access control (MAC address) that is said unexpected 
address. In a method of managing a network, Wang suggests or discloses tracing a 
topology of said network [i.e. tracing of the computer network, col.1, lns.11-32 and col. 5, 
ln.9 - col.6, ln.65] to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) [i.e. the determination of which port a particular MAC address is reachable. 
For example, Wang suggests if ports are not reachable, the frame is flooded over all
outgoing non-blocked ports, col.6, lns.50-65]. Therefore, it would have been obvious to
one of ordinary skill in the art at the time the invention was made to modify Vairavan
in view of Wang by tracing a topology of said network to find a third port where an 
unexpected address entered said network, said third port coupled to a device having a 
media access control (MAC address) that is said unexpected address because this 
feature is a consequence of the topologies being aligned [Wang, col.6, lns.63-65]. It is 
for this reason that one of ordinary skill in the art at the time of the invention would have 
been motivated in order to gather specific diagnostic information relating to a particular
path through the switched network [Wang, col.6, lns.20-21]. 

28. In response to applicant's argument that Vairavan does not teach, suggest, or 
describe, "comparing addresses associated with packets received at a first port in said 
network with expected addresses for said first port to determine unexpected 
addresses." Examiner respectfully disagrees because Vairavan suggests comparing 
addresses associated with packets received at a first port in said network with expected 
addresses for said first port to determine unexpected addresses [paragraphs
0059-0060; 0086-0101 and figs.2-3]. For example, the firewall module 310 analyzes,
isolates, filters and discards packets [paragraph 0086]. Analyzing, isolating, filtering, 
and discarding packets is an example of comparing addresses to determine unexpected 
addresses. 

29. In response to applicant's argument that Wang does not teach tracing a topology 
of a network to determine a port where a packet associated with said unauthorized 
address entered said network. Examiner respectfully disagrees because Wang 
suggests tracing a topology of said network [i.e. tracing of the computer network, col.1, 
lns.11-32 and col.5, ln.9 - col.6, ln.65] to find a third port where an unexpected address
entered said network, said third port coupled to a device having a media access control 
(MAC address) [i.e. the determination of which port a particular MAC address is 
reachable. For example, Wang suggests if ports are not reachable, the frame is flooded
over all outgoing non-blocked ports, col.6, lns.50-65]. 

30. In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ
871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant obviously attacks the references individually without taking into consideration
the teaching of the combinations of references as shown above.

31. In response to applicant's argument that there is no suggestion to combine the
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to
modify Vairavan in view of Wang by tracing a topology of said network to find a third 
port where an unexpected address entered said network, said third port coupled to a 
device having a media access control (MAC address) that is said unexpected address 
because this feature is a consequence of the topologies being aligned [Wang, col.6, 
lns.63-65]. It is for this reason that one of ordinary skill in the art at the time of the
invention would have been motivated in order to gather specific diagnostic information 
relating to a particular path through the switched network [Wang, col.6, lns.20-21]. 

Conclusion 

32. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. "Port isolation for restricting traffic flow on layer 2 switches," by Joshi et
al., United States Patent Number 7,095,741. 

b. "Extended domain computer network using standard links," by Chin et al.,
United States Patent Number 5,617,421. 

c. "Method and apparatus for sorting and transmitting data packets," by
Huang, United States Patent Number 6,480,488. 

33. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the mailing date of this final action. 

34. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nghi V. Tran whose telephone number is
(571) 272-4067. The examiner can normally be reached on Monday-Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Zarni Maung can be reached on (571) 272-3939. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Nghi Tran 
Patent Examiner 
Art Unit 2151 

January 23, 2007




